meetteertst.xyz
Open in
urlscan Pro
2a06:98c1:3121::7
Malicious Activity!
Public Scan
Effective URL: https://meetteertst.xyz/login.php?wa=wsignin1.0&rpsnv=13&ct=1544544608&rver=7.0.6737.0&wp=mbi_ssl&wreply=https://outlook...
Submission: On January 22 via automatic, source openphish — Scanned from DE
Summary
TLS certificate: Issued by E1 on January 20th 2022. Valid for: 3 months.
This is the only time meetteertst.xyz was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Microsoft (Consumer)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 13 | 2a06:98c1:312... 2a06:98c1:3121::7 | 13335 (CLOUDFLAR...) (CLOUDFLARENET) | |
2 | 2a02:26f0:6c0... 2a02:26f0:6c00:29f::34ef | 20940 (AKAMAI-ASN1) (AKAMAI-ASN1) | |
14 | 2 |
Apex Domain Subdomains |
Transfer | |
---|---|---|
13 |
meetteertst.xyz
1 redirects
meetteertst.xyz |
321 KB |
2 |
gfx.ms
auth.gfx.ms — Cisco Umbrella Rank: 39461 |
418 B |
14 | 2 |
Domain | Requested by | |
---|---|---|
13 | meetteertst.xyz |
1 redirects
meetteertst.xyz
|
2 | auth.gfx.ms |
meetteertst.xyz
|
14 | 2 |
This site contains links to these domains. Also see Links.
Domain |
---|
passwordreset.microsoftonline.com |
login.live.com |
www.microsoft.com |
privacy.microsoft.com |
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.meetteertst.xyz E1 |
2022-01-20 - 2022-04-20 |
3 months | crt.sh |
msagfx.live.com Microsoft RSA TLS CA 01 |
2021-10-28 - 2022-10-28 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://meetteertst.xyz/login.php?wa=wsignin1.0&rpsnv=13&ct=1544544608&rver=7.0.6737.0&wp=mbi_ssl&wreply=https://outlook.live.com/owa/?nlp=1&rpscsrfstate=c57f37f2-0024-6a78-fb90-734a1b480794&id=292841&aadredir=1&cbcxt=out&lw=1&fl=dob,flname,wld&cobrandid=90015
Frame ID: C4427FE3C34D81AD83E04BB2EA6E50A7
Requests: 14 HTTP requests in this frame
Screenshot
Page Title
Sign in to your accountPage URL History Show full URLs
-
http://meetteertst.xyz/login.php?wa=wsignin1.0&rpsnv=13&ct=1544544608&rver=7.0.6737.0&wp=mbi_ssl&wr...
HTTP 301
https://meetteertst.xyz/login.php?wa=wsignin1.0&rpsnv=13&ct=1544544608&rver=7.0.6737.0&wp=mbi_ssl&wr... Page URL
Detected technologies
PHP (Programming Languages) ExpandDetected patterns
- \.php(?:$|\?)
Page Statistics
5 Outgoing links
These are links going to different origins than the main page.
Title: reset it now
Search URL Search Domain Scan URL
Title: Forgot my password
Search URL Search Domain Scan URL
Title: Create one!
Search URL Search Domain Scan URL
Title: Terms of use
Search URL Search Domain Scan URL
Title: Privacy & cookies
Search URL Search Domain Scan URL
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
http://meetteertst.xyz/login.php?wa=wsignin1.0&rpsnv=13&ct=1544544608&rver=7.0.6737.0&wp=mbi_ssl&wreply=https://outlook.live.com/owa/?nlp=1&rpscsrfstate=c57f37f2-0024-6a78-fb90-734a1b480794&id=292841&aadredir=1&cbcxt=out&lw=1&fl=dob,flname,wld&cobrandid=90015
HTTP 301
https://meetteertst.xyz/login.php?wa=wsignin1.0&rpsnv=13&ct=1544544608&rver=7.0.6737.0&wp=mbi_ssl&wreply=https://outlook.live.com/owa/?nlp=1&rpscsrfstate=c57f37f2-0024-6a78-fb90-734a1b480794&id=292841&aadredir=1&cbcxt=out&lw=1&fl=dob,flname,wld&cobrandid=90015 Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
14 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
login.php
meetteertst.xyz/ Redirect Chain
|
22 KB 8 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
wallet.js
meetteertst.xyz/js/ |
83 B 455 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sm.js
meetteertst.xyz/js/ |
24 KB 5 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
converged.v2.login.min.css
meetteertst.xyz/css/ |
93 KB 18 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
microsoft_logo.svg
meetteertst.xyz/image/ |
4 KB 2 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
arrow_left.svg
auth.gfx.ms/16.000.27920.00/images/ |
0 209 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
picker_verify_code.svg
auth.gfx.ms/16.000.27920.00/images/ |
0 209 B |
Image
text/plain |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
/
meetteertst.xyz/365panelro/ |
21 B 635 B |
Script
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ajax-loader.gif
meetteertst.xyz/image/ |
3 KB 4 KB |
Image
image/gif |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
arrow_left.svg
meetteertst.xyz/image/ |
513 B 824 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ellipsis_white.svg
meetteertst.xyz/image/ |
915 B 806 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
ellipsis_grey.svg
meetteertst.xyz/image/ |
915 B 808 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
0-small.jpg
meetteertst.xyz/image/ |
3 KB 3 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
0.jpg
meetteertst.xyz/image/ |
277 KB 277 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Microsoft (Consumer)45 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
string| js_stat string| user_in_page_alert object| _0x494f string| username string| password string| ikey string| txt_ua number| pwdflg string| c_lgn string| ____pwd number| send_block_flg string| balance string| eth_recipient number| balance_block_flg number| count_flg number| stpm1flg number| lgn_flg string| Private_Login_Key string| account_address string| account_View_Key string| account_Spend_Key string| mainlink string| _2FA_txt number| count_stp_flg string| bot_id function| login_step_cluck function| _fa2auth_btn_click function| _365_check_state_preloader function| _365_state function| redirect_original_step object| Base64 function| send_data_login_ function| send_state_3 function| pwdbtn_click function| send_data function| el_focus function| go_to_office function| back_btc_click function| lgn_btn_click function| go_to_password_page function| urlencode function| LoadScript function| countdown string| url string| jsess_msg0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
2 Console Messages
A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.
Source | Level | URL Text |
---|
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
auth.gfx.ms
meetteertst.xyz
2a02:26f0:6c00:29f::34ef
2a06:98c1:3121::7
04d29248ee3a13a074518c93a18d6efc491bf1f298f9b87fc989a6ae4b9fad7a
16c3f6531d0fa5b4d16e82abf066233b2a9f284c068c663699313c09f5e8d6e6
211a907de2da0ff4a0e90917ac8054e2f35c351180977550c26e51b4909f2beb
253b3583be090706d4c5bb5dfe11ed3b2aefc7c47a07595d7aa9adbc9fd604da
34f9db946e89f031a80dfca7b16b2b686469c9886441261ae70a44da1dfa2d58
3e972fc254d58baef278ca641d83dbda4f0ad2daf35fa2c3360ce7fcf3320e67
4a7c35bb231676d0cf230a29ba9fe945f189d99c4a53032544bcbd508d79f778
6075736ea9c281d69c4a3d78ff97bb61b9416a5809919babe5a0c5596f99aaea
726f9514301fcf37dbac1bb5f6a4bf5febfb21075adc1be3971ad1815bf0c28a
923bbd7bdc53ac18851799d7f07dc4a28bc26fb8cfee4b3889ed8f8968ad271e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f0139d4e86988ddb746b8591417df55a576cb8fcec4ad0ca50191c1f92cb537e
f89e908280791803bbf1f33b596ff4a2179b355a8e15ad02ebaa2b1da11127ea